General

  • Target

    848ddbaa7f184e3d3e665bd953af29d841bd2511c6ae24419334dfc4e8635a28

  • Size

    419KB

  • Sample

    230416-bw4lpaaa7s

  • MD5

    a66a668ee5af15758e88701059d6a594

  • SHA1

    ecdc72f88534e1826f94f48a2ac1e6092a3764df

  • SHA256

    848ddbaa7f184e3d3e665bd953af29d841bd2511c6ae24419334dfc4e8635a28

  • SHA512

    c9fbbb53df94d4fb417627dc84e235be2254babf2b2126d04f2f15e7c9ca4ec3a483d5df7a717bfc8ce2cf5ba9c382054ff3a64288163e1785820cc644e793c8

  • SSDEEP

    12288:9oHlt9APKDEy9mqVBs1ZFMLQ1RyxK9pvQsq4:9aljAiD1mOu1DsEeWpvQx4

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      848ddbaa7f184e3d3e665bd953af29d841bd2511c6ae24419334dfc4e8635a28

    • Size

      419KB

    • MD5

      a66a668ee5af15758e88701059d6a594

    • SHA1

      ecdc72f88534e1826f94f48a2ac1e6092a3764df

    • SHA256

      848ddbaa7f184e3d3e665bd953af29d841bd2511c6ae24419334dfc4e8635a28

    • SHA512

      c9fbbb53df94d4fb417627dc84e235be2254babf2b2126d04f2f15e7c9ca4ec3a483d5df7a717bfc8ce2cf5ba9c382054ff3a64288163e1785820cc644e793c8

    • SSDEEP

      12288:9oHlt9APKDEy9mqVBs1ZFMLQ1RyxK9pvQsq4:9aljAiD1mOu1DsEeWpvQx4

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks